diff options
| author | Lukas Fleischer <archlinux@cryptocrack.de> | 2011-02-22 19:46:51 +0100 |
|---|---|---|
| committer | Lukas Fleischer <archlinux@cryptocrack.de> | 2011-02-23 11:17:27 +0100 |
| commit | 09d8128f99c2edc27dd81efc63e9b3c797603ca1 (patch) | |
| tree | e2a29431b1eae9c469415d2f6b9757622c31ca7c /web/lib/config.inc.proto | |
| parent | f961ffd9c7f2d3d51d3e3b060990a4fef9e56c1b (diff) | |
| download | aur-09d8128f99c2edc27dd81efc63e9b3c797603ca1.tar.gz aur-09d8128f99c2edc27dd81efc63e9b3c797603ca1.tar.xz | |
Protect users against ZIP bombs (fixes FS#22991).
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Diffstat (limited to 'web/lib/config.inc.proto')
| -rw-r--r-- | web/lib/config.inc.proto | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/web/lib/config.inc.proto b/web/lib/config.inc.proto index bee68891..80a7e540 100644 --- a/web/lib/config.inc.proto +++ b/web/lib/config.inc.proto @@ -53,3 +53,8 @@ $LOGIN_TIMEOUT = 7200; # Session timeout when using "Remember me" cookies $PERSISTENT_COOKIE_TIMEOUT = 60 * 60 * 24 * 30; + +# Uncompressed file size limit for submitted tarballs (ZIP bomb protection) - +# please ensure "upload_max_filesize" is additionally set to no more than 3M, +# otherwise this check might be easy to bypass (FS#22991 for details) +$MAX_FILESIZE_UNCOMPRESSED = 1024 * 1024 * 8; |